Unpatched Firefox flaw may expose users

A new, unpatched flaw that affects all versions of Firefox could let attackers surreptitiously run malicious code on users' PCs, a security researcher has warned.

The problem lies in the way Firefox handles Web links that are overly long and contain dashes, security researcher Tom Ferris said in an interview via instant messaging late Thursday.

He posted an advisory and a proof of concept to the Full Disclosure security mailing list and to his Security Protocols Web site.

The security vulnerability is a buffer overflow flaw that "allows for an attacker to remotely execute arbitrary code" on a vulnerable PC, Ferris said. An attacker could host a Web site containing the malicious code to exploit the flaw, he said. Though his proof of concept only crashes Firefox, Ferris claims he has been able to tweak it to run code.

Severity: Critical

Vendor: Mozilla

Versions Affected:
Firefox Win32 1.0.6 and prior
Firefox Linux 1.0.6 and prior
Firefox 1.5 Beta 1 (Deer Park Alpha 2)
